Threats Tagged 'cve-2026-1615'

Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2. 5 container release update addressing multiple vulnerabilities including CVE-2025-69223 and four others. The update improves the security posture of the platform, which is used for enterprise IT automation. The advisory references fixes for several bugs and vulnerabilities but does not provide detailed technical exploit information or CVSS scores. No known exploits are reported in the wild. The update requires applying all previously released errata before upgrading.

Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2. 6 container release update addressing multiple vulnerabilities. The platform provides an enterprise framework for IT automation at scale. This update includes fixes for 11 CVEs, including CVE-2025-69223 and others, covering a range of weaknesses such as CWE-770, CWE-94, and CWE-787. The advisory indicates a high severity level but does not provide CVSS scores. No known exploits in the wild have been reported. Users are advised to apply the update after ensuring all previous errata are applied.

Red Hat has issued a security advisory (RHSA-2026:6404) for Red Hat Ansible Automation Platform 2. 6 container release update addressing multiple vulnerabilities including CVE-2025-69223 and ten others. The platform is an enterprise framework for IT automation management. The advisory indicates an important security update is available that fixes several bugs and vulnerabilities. No known exploits in the wild have been reported. The update requires applying all previously released errata before upgrading. Detailed release notes and upgrade instructions are provided by Red Hat.

Red Hat Developer Hub (RHDH) 1. 9. 3 addresses multiple security vulnerabilities affecting its enterprise-grade developer portal based on Backstage. io. The vulnerabilities include a range of issues identified by 15 CVEs, covering weaknesses such as improper input validation, code injection, and path traversal. The advisory indicates a high severity level and provides updated images and fixes for identified bugs. No known exploits are reported in the wild. The vendor advisory does not explicitly confirm patch availability but announces the 1. 9. 3 release as a security update addressing these issues.

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.